forked from osmocom/wireshark
200 lines
6.7 KiB
Plaintext
200 lines
6.7 KiB
Plaintext
Wireshark 2.9.1 Release Notes
|
||
|
||
This is an experimental release intended to test new features for
|
||
Wireshark 3.0.
|
||
|
||
What is Wireshark?
|
||
|
||
Wireshark is the world’s most popular network protocol analyzer. It is
|
||
used for troubleshooting, analysis, development and education.
|
||
|
||
What’s New
|
||
|
||
Many user interface improvements have been made. See the “New and
|
||
Updated Features” section below for more details.
|
||
|
||
Bug Fixes
|
||
|
||
The following bugs have been fixed:
|
||
|
||
Dumpcap might not quit if Wireshark or TShark crashes. (Bug 1419[1])
|
||
|
||
New and Updated Features
|
||
|
||
The following features are new (or have been significantly updated)
|
||
since version 2.9.0:
|
||
|
||
• Wireshark now supports the Swedish and Ukrainian language.
|
||
|
||
The following features are new (or have been significantly updated)
|
||
since version 2.6.0:
|
||
|
||
• The Windows .exe installers now ship with Npcap instead of
|
||
WinPcap.
|
||
|
||
• Conversation timestamps are supported for UDP/UDP-Lite protocols
|
||
|
||
• TShark now supports the -G elastic-mapping option which generates
|
||
an ElasticSearch mapping file.
|
||
|
||
• The “Capture Information” dialog has been added back (Bug
|
||
12004[2]).
|
||
|
||
• The Ethernet and IEEE 802.11 dissectors no longer validate the
|
||
frame check sequence (checksum) by default.
|
||
|
||
• The TCP dissector gained a new “Reassemble out-of-order segments”
|
||
preference to fix dissection and decryption issues in case TCP
|
||
segments are received out-of-order. See the User’s Guide, chapter
|
||
TCP Reassembly for details.
|
||
|
||
• Decryption support for the new WireGuard dissector (Bug 15011[3],
|
||
requires Libgcrypt 1.8).
|
||
|
||
• The BOOTP dissector has been renamed to DHCP. With the exception
|
||
of “bootp.dhcp”, the old “bootp.*” display filter fields are
|
||
still supported but may be removed in a future release.
|
||
|
||
• The SSL dissector has been renamed to TLS. As with BOOTP the old
|
||
“ssl.*” display filter fields are supported but may be removed in
|
||
a future release.
|
||
|
||
• Coloring rules, IO graphs, Filter Buttons and protocol preference
|
||
tables can now be copied from other profiles using a button in
|
||
the corresponding configuration dialogs.
|
||
|
||
• APT-X has been renamed to aptX.
|
||
|
||
• When importing from hex dump, it’s now possible to add an
|
||
ExportPDU header with a payload name. This calls the specific
|
||
dissector directly without lower protocols.
|
||
|
||
• The sshdump and ciscodump extcap interfaces can now use a proxy
|
||
for the SSH connection.
|
||
|
||
• Dumpcap now supports the -a packets:NUM and -b packets:NUM
|
||
options.
|
||
|
||
• Wireshark now includes a “No Reassembly” configuration profile.
|
||
|
||
• Wireshark now supports the Russian language.
|
||
|
||
• The build system now supports AppImage packages.
|
||
|
||
• The Windows installers now ship with Qt 5.12.0. Previously they
|
||
shipped with Qt 5.9.7.
|
||
|
||
Removed Features and Support
|
||
|
||
• The legacy (GTK+) user interface has been removed and is no
|
||
longer supported.
|
||
|
||
• Wireshark requires Qt 5.2 or later. Qt 4 is no longer supported.
|
||
|
||
• Wireshark requires GLib 2.32 or later.
|
||
|
||
• Building Wireshark requires CMake. Autotools is no longer
|
||
supported.
|
||
|
||
• TShark’s -z compare option was removed.
|
||
|
||
New File Format Decoding Support
|
||
|
||
Ruby Marshal format
|
||
|
||
New Protocol Support
|
||
|
||
Apple Wireless Direct Link (AWDL), Basic Transport Protocol (BTP),
|
||
BLIP Couchbase Mobile (BLIP), CDMA 2000, Cisco Meraki Discovery
|
||
Protocol (MDP), Distributed Ruby (DRb), DXL, E1AP (5G), EVS (3GPP TS
|
||
26.445 A.2 EVS RTP), Exablaze trailers, General Circuit Services
|
||
Notification Application Protocol (GCSNA), GeoNetworking (GeoNw),
|
||
GLOW Lawo Emberplus Data format, GSM-R (User-to-User Information
|
||
Element usage), HI3CCLinkData, Intelligent Transport Systems (ITS)
|
||
application level, ISO 13400-2 Diagnostic communication over Internet
|
||
Protocol (DoIP), ITU-t X.696 Octet Encoding Rules (OER), Local Number
|
||
Portability Database Query Protocol (ANSI), MsgPack, NGAP (5G), NR
|
||
(5G) PDCP, Osmocom Generic Subscriber Update Protocol (GSUP), PCOM
|
||
protocol, PKCS#10 (RFC2986 Certification Request Syntax), PROXY (v2),
|
||
S101 Lawo Emberplus transport frame, Secure Reliable Transport
|
||
Protocol (SRT), Spirent Test Center Signature decoding for Ethernet
|
||
and FibreChannel (STCSIG, disabled by default), Sybase-specific
|
||
portions of TDS, systemd Journal Export, TeamSpeak 3 DNS, TPM 2.0,
|
||
Ubiquiti Discovery Protocol (UBDP), WireGuard, XnAP (5G), and Z39.50
|
||
Information Retrieval Protocol
|
||
|
||
Updated Protocol Support
|
||
|
||
Too many protocols have been updated to list here.
|
||
|
||
New and Updated Capture File Support
|
||
|
||
RFC 7468 (PEM), Ruby marshal object files, systemd Journal Export,
|
||
and Unigraf DPA-400 DisplayPort AUX channel monitor
|
||
|
||
New and Updated Capture Interfaces support
|
||
|
||
dpauxmon, an external capture interface (extcap) that captures
|
||
DisplayPort AUX channel data from linux kernel drivers.
|
||
|
||
sdjournal, an extcap that captures systemd journal entries.
|
||
|
||
Major API Changes
|
||
|
||
• Lua: the various logging functions (debug, info, message, warn
|
||
and critical) have been removed. Use the print function instead
|
||
for debugging purposes.
|
||
|
||
Getting Wireshark
|
||
|
||
Wireshark source code and installation packages are available from
|
||
https://www.wireshark.org/download.html[4].
|
||
|
||
Vendor-supplied Packages
|
||
|
||
Most Linux and Unix vendors supply their own Wireshark packages. You
|
||
can usually install or upgrade Wireshark using the package management
|
||
system specific to that platform. A list of third-party packages can
|
||
be found on the download page[5] on the Wireshark web site.
|
||
|
||
File Locations
|
||
|
||
Wireshark and TShark look in several different locations for
|
||
preference files, plugins, SNMP MIBS, and RADIUS dictionaries. These
|
||
locations vary from platform to platform. You can use About→Folders to
|
||
find the default locations on your system.
|
||
|
||
Getting Help
|
||
|
||
The User’s Guide, manual pages and various other documentation can be
|
||
found at https://www.wireshark.org/docs/[6]
|
||
|
||
Community support is available on Wireshark’s Q&A site[7] and on the
|
||
wireshark-users mailing list. Subscription information and archives
|
||
for all of Wireshark’s mailing lists can be found on the web site[8].
|
||
|
||
Bugs and feature requests can be reported on the bug tracker[9].
|
||
|
||
Official Wireshark training and certification are available from
|
||
Wireshark University[10].
|
||
|
||
Frequently Asked Questions
|
||
|
||
A complete FAQ is available on the Wireshark web site[11].
|
||
|
||
Last updated 2018-12-30 08:15:06 UTC
|
||
|
||
References
|
||
|
||
1. 1
|
||
2. 2
|
||
3. 3
|
||
4. 4
|
||
5. 5
|
||
6. 6
|
||
7. 7
|
||
8. 8
|
||
9. 9
|
||
10. 10
|
||
11. 11
|